Private search engines StartPage and Ixquick have pioneered a new advance in encryption security this week, becoming the first search engines in the world to enable “Perfect Forward Secrecy” or PFS in combination with a more secure version of SSL encryption known as TLS 1.1. and 1.2 , which works by setting up a secure “tunnel” through which users’ search traffic cannot be intercepted.

This is the latest in a series of security firsts by StartPage and Ixquick, which pioneered the field of private search in 2006. Combined, StartPage/Ixquick is the largest private search engine, serving well over 4 million searches daily.

With SSL alone, if a target website’s “private key” can be obtained once in the future – perhaps through court order, social engineering, attack against the website, or cryptanalysis – that same key can then be used to unlock all other historical traffic of the affected website. For larger Internet services, that could expose the private data of millions of people.

StartPage and Ixquick have now deployed a defense against this known as “Perfect Forward Secrecy,” or PFS.

PFS uses a different “per-session” key for each data transfer, so even if a site’s private SSL key is compromised, data that was previously transmitted is still safe. Those who want to decrypt large quantities of data sent using PFS face the daunting task of individually decrypting each separate file, as opposed to obtaining a single key to unlock them all.

This can be likened to replacing the master “skeleton key” that unlocks every room in a building with a tight security system that puts a new lock on each door and then creates a unique key for each lock.